Do not enable configurations that expose Node.js or Electron APIs to untrusted web content in renderer processes. This includes avoiding `nodeIntegration: true` for remote content and not directly exposing IPC APIs in preload scripts.
Why this matters:

- `nodeIntegration: true` disables sandboxing and grants full Node.js access to renderer processes
- `ipcRenderer.on` gives renderers direct access to the entire IPC event system

Secure approach:
```javascript
// Main process
const { BrowserWindow } = require('electron')
const path = require('path')

// ❌ Dangerous - exposes Node.js APIs to remote content
new BrowserWindow({
  webPreferences: {
    nodeIntegration: true, // Disables sandbox, security risk
    contextIsolation: false
  }
})

// ✅ Secure - use sandboxed renderer with controlled API exposure
new BrowserWindow({
  webPreferences: {
    sandbox: true, // Default since Electron 20
    contextIsolation: true, // Default since Electron 20
    preload: path.join(__dirname, 'preload.js')
  }
})
```

```javascript
// In preload.js - expose only specific, validated APIs
const { contextBridge, ipcRenderer } = require('electron')

// ❌ Don't expose raw IPC
window.ipcRenderer = ipcRenderer

// ✅ Expose controlled, specific functions
contextBridge.exposeInMainWorld('electronAPI', {
  performAction: (...args) => ipcRenderer.invoke('perform-action', ...args)
})
```

Always validate the origin and content when handling requests from renderer processes, especially when loading remote content. Use the principle of least privilege - only expose the minimum APIs necessary for your application to function.
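
One way to apply the origin and content validation described above on the main-process side of the `perform-action` channel. This is an added example, not code from the original page; the trusted origin, the allowed actions and the `{ action, name }` payload shape are assumptions.

```javascript
// Added example: main-process handler for the 'perform-action' channel.
// TRUSTED_ORIGINS, ALLOWED_ACTIONS and the { action, name } payload are assumptions.
const TRUSTED_ORIGINS = new Set(['https://app.example.com'])
const ALLOWED_ACTIONS = new Set(['open-settings', 'export-report'])

// Compare the sending frame's exact origin; prefix or substring checks would
// accept look-alike hosts such as app.example.com.evil.test.
function isTrustedSender (event) {
  const frame = event && event.senderFrame // may be null if the frame is gone
  if (!frame || typeof frame.url !== 'string') return false
  try {
    // file: and custom-scheme URLs have the opaque origin 'null' and are rejected
    return TRUSTED_ORIGINS.has(new URL(frame.url).origin)
  } catch {
    return false // unparsable URL
  }
}

// Accept only a plain object with an allow-listed action and a short, simple name.
function validatePayload (payload) {
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) return null
  const { action, name } = payload
  if (!ALLOWED_ACTIONS.has(action)) return null
  if (typeof name !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(name)) return null
  return { action, name } // copy only the expected fields
}

function handlePerformAction (event, payload) {
  if (!isTrustedSender(event)) return { ok: false, error: 'untrusted sender' }
  const request = validatePayload(payload)
  if (!request) return { ok: false, error: 'invalid request' }
  return { ok: true, request } // the application's action would run here
}

// Registration in the Electron main process:
//   ipcMain.handle('perform-action', handlePerformAction)

// Constructed sample events, shaped like the event Electron passes to the handler.
const samples = [
  ['https://app.example.com/index.html', { action: 'export-report', name: 'q3-summary' }],
  ['https://app.example.com.evil.test/', { action: 'export-report', name: 'q3-summary' }],
  ['https://app.example.com/index.html', { action: 'run-shell', name: 'x' }]
]
for (const [url, payload] of samples) {
  console.log(url, JSON.stringify(handlePerformAction({ senderFrame: { url } }, payload)))
}
```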